CVE-2007-2799

file integer overflow

Severity Score

5.1

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Integer overflow in the "file" program 4.20, when running on 32-bit systems, as used in products including The Sleuth Kit, might allow user-assisted attackers to execute arbitrary code via a large file that triggers an overflow that bypasses an assert() statement. NOTE: this issue is due to an incorrect patch for CVE-2007-1536.

Un desbordamiento de enteros en el programa "file" versión 4.20, cuando se ejecuta en sistemas de 32 bits, tal y como es usado en productos que incluyen The Sleuth Kit, podría permitir que los atacantes asistidos por el usuario ejecuten código arbitrario por medio de un archivo largo que activa un desbordamiento que omite una sentencia assert(). NOTA: este problema se debe a un parche incorrecto para CVE-2007-1536.

*Credits: N/A

CVSS Scores

NISTv2 5.1

Attack Vector

Network

Attack Complexity

High

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2007-05-22 CVE Reserved
2007-05-23 CVE Published
2024-03-26 EPSS Updated
2024-08-07 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-189: Numeric Errors
CWE-190: Integer Overflow or Wraparound

CAPEC

References (33)

URL	Tag	Source
http://docs.info.apple.com/article.html?artnum=307562	X_refsource_confirm
http://osvdb.org/38498	Vdb Entry
http://secunia.com/advisories/29179	Third Party Advisory
http://support.avaya.com/elmodocs2/security/ASA-2007-290.htm	X_refsource_confirm
http://www.amavis.org/security/asa-2007-3.txt	X_refsource_confirm
http://www.securityfocus.com/archive/1/469520/30/6420/threaded	Mailing List
http://www.securityfocus.com/bid/24146	Vdb Entry
http://www.securitytracker.com/id?1018140	Vdb Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/34731	Vdb Entry
https://issues.rpath.com/browse/RPL-1311	X_refsource_confirm
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11012	Signature

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-001.txt.asc	2018-10-16
http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html	2018-10-16
http://secunia.com/advisories/25394	2018-10-16
http://secunia.com/advisories/25544	2018-10-16
http://secunia.com/advisories/25578	2018-10-16
http://secunia.com/advisories/25931	2018-10-16
http://secunia.com/advisories/26203	2018-10-16
http://secunia.com/advisories/26294	2018-10-16
http://secunia.com/advisories/26415	2018-10-16
http://secunia.com/advisories/29420	2018-10-16
http://www.debian.org/security/2007/dsa-1343	2018-10-16
http://www.gentoo.org/security/en/glsa/glsa-200705-25.xml	2018-10-16
http://www.mandriva.com/security/advisories?name=MDKSA-2007:114	2018-10-16
http://www.novell.com/linux/security/advisories/2007_40_file.html	2018-10-16
http://www.redhat.com/support/errata/RHSA-2007-0391.html	2018-10-16
http://www.trustix.org/errata/2007/0024	2018-10-16
http://www.ubuntu.com/usn/usn-439-2	2018-10-16
http://www.vupen.com/english/advisories/2007/2071	2018-10-16
http://www.vupen.com/english/advisories/2008/0924/references	2018-10-16
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=241022	2018-10-16
https://access.redhat.com/security/cve/CVE-2007-2799	2007-05-30
https://bugzilla.redhat.com/show_bug.cgi?id=241022	2007-05-30

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
File Search vendor "File"		File Search vendor "File" for product "File"				4.2 Search vendor "File" for product "File" and version "4.2"		-		Affected
Sleuth Kit Search vendor "Sleuth Kit"		The Sleuth Kith Search vendor "Sleuth Kit" for product "The Sleuth Kith"				*		-		Affected